Feeds

Plan B from Petty France - the other UK ID card

Or more properly, the real one?

Intelligent flash storage arrays

Passports are issued under Royal Prerogative, effectively executive powers of the monarch which are exercised by Government Ministers. These powers include the right to grant and revoke passports, exercised by the Home Secretary and the Foreign Secretary.

Three years ago Parliament's Public Administration Select Committee suggested that this and other aspects of the Royal Prerogative (starting wars, that kind of stuff) be put on a more formal statutory basis, but the Department of Constitutional Affairs declined to pursue the matter, observing on passports that "successive Governments have taken the view that the non-statutory system has worked well and that change is not required."

The Government did, last year, say that it could add fingerprints to passports via the Royal Prerogative, but as all of the Passport Service's identity-related plans are going ahead with or without the ID Card Bill, clearly it's all happening under the Prerogative.

Which you might reckon stretches the legal framework well beyond breaking point. Lack of Parliamentary oversight? You ain't seen nothing yet.

It is practically impossible to justify the UK Passport Service's identity management plans as being encompassed by a Royal Prerogative intended simply to cover the granting and revoking of passports, even taking into account the requirements of new international standards. As far as biometric passports are concerned, it's been pointed out repeatedly (not least by The Register that in order to conform to ICAO standards the UK need only add a chip containing a digitised passport photograph to existing passports (which is what the Passport Service is actually doing for biometric passport phase one in this very quarter).

There is no need for a biometric database or online checking, because the thinking underlying the ICAO biometric passport standard is that it should be possible to link the bearer to the document by locally checking the bearer's biometrics against those held on the document. So long as you're confident the document isn't forged or fraudulently issued, you don't even need to keep the biometric data in a database - you could even, as some countries intend to do, just throw it away. You know the document is genuine, hence you know the person is genuine, and you don't need any other information.

Nor (we've said this a lot too) does the UK need to add fingerprints to its passports. The EU's Schengen countries are currently committed to do so, but the UK is not a Schengen country, and does not have to conform to this standard. But again, if we wish to add fingerprints in anticipation of their becoming a widespread international requirement, we could do this on the basis that the individual was matched locally against the document, and for the specific purposes of passport issue and administration we do not need to have the fingerprint data online, or even retained.

There's clearly an argument that even the Passport Office's move from document-centric to person-centric and the consequential construction of its version of the NIR steps beyond the Royal Prerogative (which covers documents, not people). The assertion, "All of those items are coming anyway, and the passport service will have to provide for them" most certainly goes many steps beyond it.

There may well be arguments that commercial demand (should such a thing really exist) for identification services from Government should be met, and we may all view it as a good idea for a database of all UK citizens' fingerprints to exist to allow for "the checking of unidentified fingerprints at scenes of crime" (which was put forward by Baroness Scotland as one of the "extra benefits" of the ID scheme). But it is by no means obvious that the Passport Service has the powers to provide these things, that it is the appropriate department to do so, or that providing them via a centralised Government identity monopoly is the sensible way to do it.

If the ID Cards Bill becomes law, then the legal framework changes. The legislation could be said to place the Passport Service's identity operations on a statutory basis, overseen by the new authority the Passport Service will become, and therefore "all of these items that are coming anyway" will be retrospectively legitimised. But if the Bill doesn't become law, and all of these items continue to come, anyway, then there will be a whole growing edifice there we should be asking a lot of hard questions about. And under the circumstances, maybe the Queen should be asking a few herself... ®

Internet Security Threat Report 2014

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.